CVE-2005-3682 Information

Description

Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php.

Reference

http://marc.info/?l=bugtraq&m=113201564319843&w=2 http://secunia.com/advisories/17548/ http://securityreason.com/securityalert/181 http://www.osvdb.org/20845 http://www.osvdb.org/20846 http://www.osvdb.org/20847 http://www.securityfocus.com/bid/15410/references http://www.vupen.com/english/advisories/2005/2421 https://exchange.xforce.ibmcloud.com/vulnerabilities/23170 https://exchange.xforce.ibmcloud.com/vulnerabilities/23171